Using Whitelist in all places

This commit is contained in:
Knut Sveidqvist
2021-08-05 17:35:28 +02:00
parent d3ae43c4ba
commit c0831ecef6
3 changed files with 53 additions and 28 deletions


@@ -57,13 +57,12 @@ subgraph CompositeState
end end
</div> </div>
<div class="mermaid" style="width: 100%; height: 20%;"> <div class="mermaid" style="width: 100%; height: 20%;">
%%{init: { 'prototype': {'__proto__': {'vuln': 'test'}}} }%% %%{init: { "apa":"b", "theme":"forest"}}%%
%%{init: { 'prototype': {'__proto__': {'vuln': 'test'}}} }%%
sequenceDiagram sequenceDiagram
Alice->>Bob: Hi Bob Alice->>Bob: Hi Bob
Bob->>Alice: Hi Alice Bob->>Alice: Hi Alice
</div> </div>
<div class="mermaid"> <div class="mermaid2">
%%{init: { 'theme':'base', '__proto__': {'polluted': 'asdf'}} }%% %%{init: { 'theme':'base', '__proto__': {'polluted': 'asdf'}} }%%
%%{init: { 'theme':'base', '__proto__': {'polluted': 'asdf'}} }%% %%{init: { 'theme':'base', '__proto__': {'polluted': 'asdf'}} }%%
graph LR graph LR


@@ -54,6 +54,8 @@ import journeyDb from './diagrams/user-journey/journeyDb';
import journeyRenderer from './diagrams/user-journey/journeyRenderer'; import journeyRenderer from './diagrams/user-journey/journeyRenderer';
import journeyParser from './diagrams/user-journey/parser/journey'; import journeyParser from './diagrams/user-journey/parser/journey';
import errorRenderer from './errorRenderer'; import errorRenderer from './errorRenderer';
import { configKeys } from './defaultConfig';
// import * as configApi from './config'; // import * as configApi from './config';
// // , { // // , {
// // setConfig, // // setConfig,
@@ -66,7 +68,7 @@ import errorRenderer from './errorRenderer';
import { log, setLogLevel } from './logger'; import { log, setLogLevel } from './logger';
import getStyles from './styles'; import getStyles from './styles';
import theme from './themes'; import theme from './themes';
import utils, { assignWithDepth } from './utils'; import utils, { directiveSanitizer, assignWithDepth } from './utils';
function parse(text) { function parse(text) {
const cnf = configApi.getConfig(); const cnf = configApi.getConfig();
@@ -537,7 +539,9 @@ const handleDirective = function (p, directive, type) {
delete directive.args[prop]; delete directive.args[prop];
} }
}); });
console.log('sanitize in handleDirective', directive.args);
directiveSanitizer(directive.args);
console.log('sanitize in handleDirective (done)', directive.args);
reinitialize(directive.args); reinitialize(directive.args);
configApi.addDirective(directive.args); configApi.addDirective(directive.args);
break; break;
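Review bot: The two `console.log` calls bracketing the new `directiveSanitizer(directive.args)` call in handleDirective write the raw, pre-sanitization directive arguments to the browser console in production builds; the surrounding code uses the logger, so these should be `log.debug('sanitize in handleDirective', directive.args);` (or be dropped once the change is verified). The `configKeys` import added in the first hunk of this file is not referenced by any of the changed lines — if nothing else in this file uses it, it is a dead import. handleDirective's body starts and ends outside the hunk.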


@@ -70,33 +70,14 @@ const anyComment = /\s*%%.*\n/gm;
export const detectInit = function (text, cnf) { export const detectInit = function (text, cnf) {
let inits = detectDirective(text, /(?:init\b)|(?:initialize\b)/); let inits = detectDirective(text, /(?:init\b)|(?:initialize\b)/);
let results = {}; let results = {};
if (Array.isArray(inits)) { if (Array.isArray(inits)) {
let args = inits.map((init) => init.args); let args = inits.map((init) => init.args);
Object.keys(args).forEach((argKey) => { console.log('sanitizer (args)', args);
Object.keys(args[argKey]).forEach((key) => { directiveSanitizer(args);
if (key.indexOf('__') === 0) {
log.debug('sanitize deleting prototype option', args[key]);
delete args[argKey][key];
}
if (key.indexOf('proto') >= 0) {
log.debug('sanitize deleting prototype option', args[key]);
delete args[argKey][key];
}
if (key.indexOf('constr') >= 0) {
log.debug('sanitize deleting prototype option', args[key]);
delete args[argKey][key];
}
if (configKeys.indexOf(key) < 0) {
log.debug('sanitize deleting option', args[argKey][key]);
delete args[argKey][key];
}
});
});
// Object.freeze(Object.prototype);
// Object.freeze(Object);
results = assignWithDepth(results, [...args]); results = assignWithDepth(results, [...args]);
console.log('sanitize results', results);
} else { } else {
results = inits.args; results = inits.args;
} }
@@ -112,6 +93,8 @@ export const detectInit = function (text, cnf) {
} }
}); });
} }
// Todo: refactor this, these results are never used
return results; return results;
}; };
@@ -838,6 +821,44 @@ export const entityDecode = function (html) {
return unescape(decoder.textContent); return unescape(decoder.textContent);
}; };
export const directiveSanitizer = (args) => {
console.log('directiveSanitizer called with', args);
if (typeof args === 'object') {
// check for array
if (args.length) {
args.forEach((arg) => directiveSanitizer(arg));
} else {
// This is an object
Object.keys(args).forEach((key) => {
log.debug('Checking key', key);
if (key.indexOf('__') === 0) {
log.debug('sanitize deleting __ option', key);
delete args[key];
}
if (key.indexOf('proto') >= 0) {
log.debug('sanitize deleting proto option', key);
delete args[key];
}
if (key.indexOf('constr') >= 0) {
log.debug('sanitize deleting constr option', key);
delete args[key];
}
if (configKeys.indexOf(key) < 0) {
log.debug('sanitize deleting option', key);
delete args[key];
} else {
if (typeof args[key] === 'object') {
log.debug('sanitize deleting object', key);
directiveSanitizer(args[key]);
}
}
});
}
}
};
export default { export default {
assignWithDepth, assignWithDepth,
wrapLabel, wrapLabel,
@@ -862,4 +883,5 @@ export default {
runFunc, runFunc,
entityDecode, entityDecode,
initIdGeneratior, initIdGeneratior,
directiveSanitizer,
}; };
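Review bot: The new `directiveSanitizer` treats every `typeof === 'object'` value as indexable, so a `null` directive value (constructed example: `{ theme: null }`) passes the outer check, reaches `args.length` and throws a TypeError, and a plain object that happens to carry a `length` property is taken for an array and fails at `forEach`. A null guard plus `Array.isArray` fixes both, and deleting the key once with an early `return` from the callback avoids the three redundant `delete args[key]` calls on an already-removed key; the rewritten function is below. The `console.log` calls at the top of `directiveSanitizer` and the two added in `detectInit` print raw directive content to the console in production and should be `log.debug` like the neighbouring lines. The recursion applies the same `configKeys` whitelist to nested objects; if `configKeys` holds only top-level config names, legitimate nested options would be stripped — worth confirming against defaultConfig.
```javascript
export const directiveSanitizer = (args) => {
  log.debug('directiveSanitizer called with', args);
  // typeof null === 'object', so reject it explicitly before indexing
  if (args === null || typeof args !== 'object') return;
  if (Array.isArray(args)) {
    args.forEach((arg) => directiveSanitizer(arg));
    return;
  }
  Object.keys(args).forEach((key) => {
    log.debug('Checking key', key);
    const isProtoKey = key.startsWith('__') || key.includes('proto') || key.includes('constr');
    if (isProtoKey || !configKeys.includes(key)) {
      log.debug('sanitize deleting option', key);
      delete args[key];
      return;
    }
    if (typeof args[key] === 'object') {
      directiveSanitizer(args[key]);
    }
  });
};
```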